Specifying Gateway for VPN Connection

40,472

The VPN addresses given out are in the 10.1.0.0/24 range. The local LAN is in 192.168.0.0/24. The remote LAN is 192.168.1.0/24.

You are in pretty good shape since there is no overlap there. What you are missing is a route to 192.168.1.0/24. When you try to connect to that subnet, it goes out your default gateway (local internet connection) since there is no specific route for it.

Without using split tunnel, it works, because your default gateway is the remote server, and it knows how to get to 192.168.1.0/24. With split tunnel, you need to specify that that traffic needs to go over the VPN.

There are two ways to fix that:

  • Change the VPN on the server side to bridge to the LAN, and hand out 192.168.1.0/24 addresses. Since this doesn't require any changes on the client side, it's probably the easiest if you have many clients.
  • Add a specific route to 192.168.1.0/24 using 10.1.0.1 as the gateway - this needs to be added on every client. Some VPN clients have a configuration setting to add routes every time you connect. Some do not, in which case you'd have to re-add it every time you connect.

Open an administrator command prompt and type:

    route add 192.168.1.0 mask 255.255.255.0 10.1.0.1

If there are other subnets on the remote network you want to access, do the same for those as well.
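The route selection described in this answer, replayed over the connected IPv4 route table posted in the question. This is an added example, not part of the original answer. It shows that in split-tunnel mode traffic for 192.168.1.0/24 leaves through the local gateway, outside the tunnel, until the specific route exists. The metric on the added route and the `leaks` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed from the "route print while connected" IPv4 rows on this page:
# (destination, netmask, gateway, interface, metric). Loopback, broadcast and
# multicast rows are left out.
CONNECTED = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "192.168.0.111", 281),
    ("10.0.0.0", "255.0.0.0", "10.1.0.1", "10.1.0.5", 21),
    ("10.1.0.5", "255.255.255.255", "On-link", "10.1.0.5", 276),
    ("86.129.242.71", "255.255.255.255", "192.168.0.1", "192.168.0.111", 26),
    ("192.168.0.0", "255.255.255.0", "On-link", "192.168.0.111", 281),
]
# The route from the answer, bound to the VPN interface (metric is an assumed value).
FIX = ("192.168.1.0", "255.255.255.0", "10.1.0.1", "10.1.0.5", 26)


def lookup(table, dest):
    """Return (gateway, interface) for dest: the longest matching prefix wins,
    and the lowest metric breaks ties between prefixes of equal length."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in table:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if ip in network:
            key = (-network.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def leaks(table, protected_nets, vpn_iface):
    """List the protected subnets whose traffic would NOT leave via vpn_iface."""
    leaking = []
    for cidr in protected_nets:
        probe = str(next(iter(ipaddress.ip_network(cidr).hosts())))
        if lookup(table, probe)[1] != vpn_iface:
            leaking.append(cidr)
    return leaking


if __name__ == "__main__":
    for label, table in (("split tunnel", CONNECTED), ("route added", CONNECTED + [FIX])):
        print(label, lookup(table, "192.168.1.10"),
              leaks(table, ["192.168.1.0/24"], "10.1.0.5"))
```

Running `leaks` against the live table after each connect is a quick way to confirm that every remote subnet you expect to be tunnelled actually is.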

Author: Danwise

Updated on September 18, 2022

Comments

  • Danwise
    Danwise almost 2 years

    I'm not very familiar with networking really, so go easy on me!

    I need help enabling Split Tunnelling for client connections to my newly created VPN server. I've un-ticked the Use Default Gateway on the Remote Network option under the IPV4 properties of the connection, and whilst I can connect to the VPN, I am unable to see any of my shared files on the network. After doing some digging, I've read a lot about Windows 7/8 (I'm on 8) messing up the routing tables it builds for the connections, and sending all traffic, including that destined for my VPN server's IP address, down my local network's gateway, the practical upshot of which, I am told, is that I cannot see my files. I've experimented with Add Route, to specify a route to my VPN server with the server's gateway, but every time I connect to the VPN (with Use Default Gateway disabled), it just seems to create a new route with my local network's gateway again. I can enable Use Default Gateway, but this means that I am unable to access the internet whilst I'm accessing my files, which is really not ideal. As requested, route print and ipconfig outputs from the two connection states.

    route print whilst not connected:

    ===========================================================================
    Interface List
    13...e0 91 f5 45 01 a3 ......NETGEAR WNA3100 N300 Wireless USB Adapter
    12...bc 5f f4 4a ba 58 ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
    0.0.0.0                    0.0.0.0      192.168.0.1    192.168.0.111    281
    127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
    127.0.0.1          255.255.255.255         On-link         127.0.0.1    306
    127.255.255.255    255.255.255.255         On-link         127.0.0.1    306
    192.168.0.0          255.255.255.0         On-link     192.168.0.111    281
    192.168.0.111      255.255.255.255         On-link     192.168.0.111    281
    192.168.0.255      255.255.255.255         On-link     192.168.0.111    281
    224.0.0.0                240.0.0.0         On-link         127.0.0.1    306
    224.0.0.0                240.0.0.0         On-link     192.168.0.111    281
    255.255.255.255    255.255.255.255         On-link         127.0.0.1    306
    255.255.255.255    255.255.255.255         On-link     192.168.0.111    281
    ===========================================================================
    Persistent Routes:
    Network Address          Netmask  Gateway Address  Metric
    0.0.0.0                  0.0.0.0      192.168.0.1  Default
    ===========================================================================
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination      Gateway
    15    306 ::/0                     On-link
    1     306 ::1/128                  On-link
    15    306 2001::/32                On-link
    15    306 2001:0:9d38:6ab8:1847:37dc:3f57:ff90/128
                                    On-link
    13    281 fe80::/64                On-link
    15    306 fe80::/64                On-link
    15    306 fe80::1847:37dc:3f57:ff90/128
                                    On-link
    13    281 fe80::1985:4157:1301:d268/128
                                    On-link
    1     306 ff00::/8                 On-link
    15    306 ff00::/8                 On-link
    13    281 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
    None
    

    ipconfig output when not connected:

    Windows IP Configuration
    
    
    Wireless LAN adapter WiFi:
    
    Connection-specific DNS Suffix  . :
    Link-local IPv6 Address . . . . . : fe80::1985:4157:1301:d268%13
    IPv4 Address. . . . . . . . . . . : 192.168.0.111
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    
    Ethernet adapter Ethernet:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    
    Tunnel adapter isatap.{9AB5BE37-2DEA-4436-86CD-B9296315C1B1}:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
    Connection-specific DNS Suffix  . :
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:cc2:1398:3f57:ff90
    Link-local IPv6 Address . . . . . : fe80::cc2:1398:3f57:ff90%15
    Default Gateway . . . . . . . . . : ::
    

    route print output while connected:

    ===========================================================================
    Interface List
    28...........................Greendale VPN
    13...e0 91 f5 45 01 a3 ......NETGEAR WNA3100 N300 Wireless USB Adapter
    12...bc 5f f4 4a ba 58 ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
    0.0.0.0                    0.0.0.0      192.168.0.1    192.168.0.111    281
    10.0.0.0                 255.0.0.0         10.1.0.1         10.1.0.5     21
    10.1.0.5           255.255.255.255         On-link          10.1.0.5    276
    86.129.242.71      255.255.255.255      192.168.0.1    192.168.0.111     26
    127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
    127.0.0.1          255.255.255.255         On-link         127.0.0.1    306
    127.255.255.255    255.255.255.255         On-link         127.0.0.1    306
    192.168.0.0          255.255.255.0         On-link     192.168.0.111    281
    192.168.0.111      255.255.255.255         On-link     192.168.0.111    281
    192.168.0.255      255.255.255.255         On-link     192.168.0.111    281
    224.0.0.0                240.0.0.0         On-link         127.0.0.1    306
    224.0.0.0                240.0.0.0         On-link     192.168.0.111    281
    224.0.0.0                240.0.0.0         On-link          10.1.0.5    276
    255.255.255.255    255.255.255.255         On-link         127.0.0.1    306
    255.255.255.255    255.255.255.255         On-link     192.168.0.111    281
    255.255.255.255    255.255.255.255         On-link          10.1.0.5    276
    ===========================================================================
    Persistent Routes:
    Network Address          Netmask  Gateway Address  Metric
    0.0.0.0                  0.0.0.0      192.168.0.1  Default
    ===========================================================================
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination      Gateway
    15    306 ::/0                     On-link
    1    306 ::1/128                  On-link
    15    306 2001::/32                On-link
    15    306 2001:0:4137:9e76:cc2:1398:3f57:ff90/128
                                    On-link
    13    281 fe80::/64                On-link
    15    306 fe80::/64                On-link
    15    306 fe80::cc2:1398:3f57:ff90/128
                                    On-link
    13    281 fe80::1985:4157:1301:d268/128
                                    On-link
    1    306 ff00::/8                 On-link
    15    306 ff00::/8                 On-link
    13    281 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
    None
    

    ipconfig output while connected:

    Windows IP Configuration
    
    PPP adapter Greendale VPN:
    
    Connection-specific DNS Suffix  . :
    IPv4 Address. . . . . . . . . . . : 10.1.0.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    
    Wireless LAN adapter WiFi:
    
    Connection-specific DNS Suffix  . :
    Link-local IPv6 Address . . . . . : fe80::1985:4157:1301:d268%13
    IPv4 Address. . . . . . . . . . . : 192.168.0.111
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    
    Ethernet adapter Ethernet:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    
    Tunnel adapter isatap.{9AB5BE37-2DEA-4436-86CD-B9296315C1B1}:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
    Connection-specific DNS Suffix  . :
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:cc2:1398:3f57:ff90
    Link-local IPv6 Address . . . . . : fe80::cc2:1398:3f57:ff90%15
    Default Gateway . . . . . . . . . : ::
    
    Tunnel adapter isatap.{1B17315F-3193-4F06-B126-64D880540683}:
    
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix  . :
    

    Where 192.168.0.1 is my local router through which I'm connected to the internet, 192.168.0.11 is my client computer's address on this local network, 86.129.242.71 is my VPN server, 10.1.0.1 - 10.1.0.10 is my IP range for VPN clients and 10.1.0.1 is the default gateway on that server. It's also worth noting that the IP I'm connecting to, 86.129.242.71, is not static and will change, at the whim of my ISP!

    Is there anything that I'm missing to help me enable this Split Tunnelling feature? If anyone could explain to me how this routing table works and maybe how to force a connection to take a specific route (and what that specific route should be), that would be amazing.

    You'll have to forgive my lack of understanding on these subjects, I'm not really a network person, but I am trying to learn! I've searched all over for a solution to this problem, but I've never been able to find a solution that seems to work, so any help is greatly, enormously appreciated!

    Thanks, Danwise

  • Danwise
    Danwise over 11 years
    I've just tried adding that route to the client, to no avail, still not seeing my shared files nor can I ping the file server, although seeing as I'm currently the only client on this VPN, I'm not averse to this solution. How would I go about making the VPN server bridge to the LAN and hand out those IP addresses to clients? I'm using Server 2012 Datacenter (was free with MSDNAA!), but it seems to behave the same as Server 2008 in all respects. Thanks for your continued help with this, it's massively appreciated :)
  • Danwise
    Danwise over 11 years
    Actually, it's worth noting, the router on the server end of the connection doles out IPs in the range 192.168.1.64/253, not 192.168.1.0/24
  • Danwise
    Danwise over 11 years
    Actually, I've cracked it! It was the Add Route option that worked, just seemingly needed to add it specifying the interface as the client IP address as given by the VPN, so in this case 10.1.0.10, rather than the local LAN IP address of the client that it was being given by default, 192.168.0.11. Thank you so much for the help, I presume this solution will not be affected by the changing public IP of the VPN server? Is there a chance you could explain why this specific interface needed to be used? Thank you again!
  • Grant
    Grant over 11 years
    The public IP address won't affect anything (though you'll need to know it, or use dynamic DNS when trying to connect).
  • Danwise
    Danwise over 11 years
    Cool, yeah I'm looking at a DynDns subscription, although also the possibility of writing a service that will run on the server, regularly checking the public IP and then emailing me whenever it changes, not exactly sure how possible this'll be but it should be a fun experiment in being a cheap ass hahaha
  • Grant
    Grant over 11 years
    There are lots of free dynamic DNS providers. The list of ones DNS-O-Matic supports should get you started: dnsomatic.com/wiki/supportedservices
  • Danwise
    Danwise over 11 years
    Cheers, I'll have a look at that, cause DynDNS isn't exactly expensive, but it'd be good to find a free alternative, just for the sake of this VPN